private HttpClient InitializeClient()

in src/governance/client/CcfClientManager.cs [100:189]


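    /// <summary>
    /// Builds an <see cref="HttpClient"/> for the configured CCF endpoint. The server TLS
    /// certificate is validated against <c>serviceCertPem</c> (used as a custom trust root)
    /// when default validation fails, and requests flow through the default retry policy.
    /// </summary>
    /// <param name="configureClientCert">
    /// When <c>true</c>, <c>httpsClientCert</c> is attached to the handler so the client
    /// authenticates with a certificate (mutual TLS).
    /// </param>
    /// <returns>
    /// An <see cref="HttpClient"/> whose <see cref="HttpClient.BaseAddress"/> is <c>ccfEndpoint</c>.
    /// </returns>
    /// <exception cref="InvalidOperationException">
    /// Thrown when <c>signingConfiguration</c> has not been set up, or when
    /// <c>ccfEndpoint</c> or <c>serviceCertPem</c> is missing.
    /// </exception>
    private HttpClient InitializeClient(bool configureClientCert)
    {
        if (this.signingConfiguration == null)
        {
            throw new InvalidOperationException("Invoke /configure first to setup signing configuration.");
        }

        if (string.IsNullOrEmpty(this.ccfEndpoint) || string.IsNullOrEmpty(this.serviceCertPem))
        {
            throw new InvalidOperationException("CCF endpoint and Service Certificate are mandatory");
        }

        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
            {
                // NOTE(review): a certificate the platform trust store already accepts is taken
                // as-is; the pinned service certificate below is only consulted when default
                // validation reports errors. Confirm this is the intended trust model.
                if (errors == SslPolicyErrors.None)
                {
                    return true;
                }

                if (cert == null || chain == null)
                {
                    return false;
                }

                if (string.IsNullOrEmpty(this.serviceCertPem))
                {
                    this.logger.LogError(
                        "Failing SSL cert validation callback as no ServiceCert specified.");
                    return false;
                }

                // Seed the rebuilt chain with the certificates the peer presented so that
                // chain.Build() can link the leaf up to the custom root configured below.
                foreach (X509ChainElement element in chain.ChainElements)
                {
                    chain.ChainPolicy.ExtraStore.Add(element.Certificate);
                }

                X509Certificate2Collection roots;
                try
                {
                    // CreateFromPem loads the first certificate in the PEM text. A malformed
                    // PEM is a configuration error and is surfaced to the caller (rethrown)
                    // rather than being reported as an ordinary TLS validation failure.
                    roots = new X509Certificate2Collection(
                        X509Certificate2.CreateFromPem(this.serviceCertPem));
                }
                catch (Exception e)
                {
                    this.logger.LogError(
                        e,
                        "Unexpected failure in loading service cert PEM.");
                    throw;
                }

                // Validate against the configured service certificate only, not the platform store.
                chain.ChainPolicy.CustomTrustStore.Clear();
                chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
                chain.ChainPolicy.CustomTrustStore.AddRange(roots);
                bool result = chain.Build(cert);
                if (!result)
                {
                    this.logger.LogError(
                        "Failing SSL cert validation callback as chain.Build() " +
                        "returned false.");

                    // Log every chain status entry (previously element 0 was logged on each
                    // iteration, hiding the other statuses).
                    for (int index = 0; index < chain.ChainStatus.Length; index++)
                    {
                        X509ChainStatus status = chain.ChainStatus[index];
                        this.logger.LogError($"chainStatus[{index}]: " +
                            $"{status.Status}, " +
                            $"{status.StatusInformation}");
                    }

                    // Both values are public certificates; logging them aids diagnosis of
                    // endpoint/certificate mismatches.
                    this.logger.LogError($"Incoming cert PEM: " +
                        $"{cert.ExportCertificatePem()}");
                    this.logger.LogError($"Expected cert PEMs are: " +
                        $"{this.serviceCertPem}");
                }

                return result;
            }
        };

        if (configureClientCert)
        {
            handler.ClientCertificates.Add(this.httpsClientCert);
        }

        // Retry policy wraps the TLS handler so retried requests reuse the same validation.
        var policyHandler = new PolicyHttpMessageHandler(
            HttpRetries.Policies.GetDefaultRetryPolicy(this.logger));
        policyHandler.InnerHandler = handler;
        var client = new HttpClient(policyHandler);
        client.BaseAddress = new Uri(this.ccfEndpoint);
        return client;
    }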